From e94ec8d119f70deebea51545754ac424bf65877a Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@gmail.com>
Date: Tue, 7 Jul 2015 19:15:23 +0100
Subject: [PATCH] Add Equifax root cert after Apple removed it.

Fixes #4942
---
 data/Equifax_Secure_Certificate_Authority.pem | 19 +++++++++++++++++++
 data/data.qrc                                 |  1 +
 .../Equifax_Secure_Certificate_Authority.pem  | 19 +++++++++++++++++++
 ext/clementine-tagreader/data/data.qrc        |  1 +
 ext/clementine-tagreader/main.cpp             |  2 ++
 src/internet/core/oauthenticator.cpp          |  8 ++++++++
 src/internet/core/oauthenticator.h            |  1 +
 src/main.cpp                                  |  2 ++
 8 files changed, 53 insertions(+)
 create mode 100644 data/Equifax_Secure_Certificate_Authority.pem
 create mode 100644 ext/clementine-tagreader/data/Equifax_Secure_Certificate_Authority.pem

diff --git a/data/Equifax_Secure_Certificate_Authority.pem b/data/Equifax_Secure_Certificate_Authority.pem
new file mode 100644
index 000000000..676db9759
--- /dev/null
+++ b/data/Equifax_Secure_Certificate_Authority.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
diff --git a/data/data.qrc b/data/data.qrc
index f69eccfe3..03c468856 100644
--- a/data/data.qrc
+++ b/data/data.qrc
@@ -1,5 +1,6 @@
 <RCC>
     <qresource prefix="/">
+        <file>Equifax_Secure_Certificate_Authority.pem</file>
         <file>blank.ttf</file>
         <file>clementine_remote_qr.png</file>
         <file>clementine-spotify-public.pem</file>
diff --git a/ext/clementine-tagreader/data/Equifax_Secure_Certificate_Authority.pem b/ext/clementine-tagreader/data/Equifax_Secure_Certificate_Authority.pem
new file mode 100644
index 000000000..676db9759
--- /dev/null
+++ b/ext/clementine-tagreader/data/Equifax_Secure_Certificate_Authority.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
diff --git a/ext/clementine-tagreader/data/data.qrc b/ext/clementine-tagreader/data/data.qrc
index 8e2f501e7..d8d123736 100644
--- a/ext/clementine-tagreader/data/data.qrc
+++ b/ext/clementine-tagreader/data/data.qrc
@@ -1,5 +1,6 @@
 <RCC>
   <qresource prefix="/certs">
+    <file>Equifax_Secure_Certificate_Authority.pem</file>
     <file>godaddy-root.pem</file>
   </qresource>
 </RCC>
diff --git a/ext/clementine-tagreader/main.cpp b/ext/clementine-tagreader/main.cpp
index c5e5cfeb1..55ad8e74b 100644
--- a/ext/clementine-tagreader/main.cpp
+++ b/ext/clementine-tagreader/main.cpp
@@ -57,6 +57,8 @@ int main(int argc, char** argv) {
 
   QSslSocket::addDefaultCaCertificates(
       QSslCertificate::fromPath(":/certs/godaddy-root.pem", QSsl::Pem));
+  QSslSocket::addDefaultCaCertificates(
+      QSslCertificate::fromPath(":/certs/Equifax_Secure_Certificate_Authority.pem", QSsl::Pem));
 
   TagReaderWorker worker(&socket);
 
diff --git a/src/internet/core/oauthenticator.cpp b/src/internet/core/oauthenticator.cpp
index 8996da5f4..58b272b07 100644
--- a/src/internet/core/oauthenticator.cpp
+++ b/src/internet/core/oauthenticator.cpp
@@ -21,6 +21,7 @@
 #include "internet/core/oauthenticator.h"
 
 #include <QDesktopServices>
+#include <QSslError>
 #include <QStringList>
 #include <QUrl>
 
@@ -114,6 +115,7 @@ void OAuthenticator::RequestAccessToken(const QByteArray& code,
                     "application/x-www-form-urlencoded");
 
   QNetworkReply* reply = network_.post(request, post_data.toUtf8());
+  connect(reply, SIGNAL(sslErrors(QList<QSslError>)), SLOT(SslErrors(QList<QSslError>)));
   NewClosure(reply, SIGNAL(finished()), this,
              SLOT(FetchAccessTokenFinished(QNetworkReply*)), reply);
 }
@@ -189,3 +191,9 @@ void OAuthenticator::RefreshAccessTokenFinished(QNetworkReply* reply) {
   SetExpiryTime(result["expires_in"].toInt());
   emit Finished();
 }
+
+void OAuthenticator::SslErrors(const QList<QSslError>& errors) {
+  for (const QSslError& error : errors) {
+    qLog(Debug) << error.errorString();
+  }
+}
diff --git a/src/internet/core/oauthenticator.h b/src/internet/core/oauthenticator.h
index 944838a14..64cf6c404 100644
--- a/src/internet/core/oauthenticator.h
+++ b/src/internet/core/oauthenticator.h
@@ -68,6 +68,7 @@ class OAuthenticator : public QObject {
   void RedirectArrived(LocalRedirectServer* server, QUrl url);
   void FetchAccessTokenFinished(QNetworkReply* reply);
   void RefreshAccessTokenFinished(QNetworkReply* reply);
+  void SslErrors(const QList<QSslError>& errors);
 
  private:
   static const char* kRemoteURL;
diff --git a/src/main.cpp b/src/main.cpp
index 2e6291299..1a961c805 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -401,6 +401,8 @@ int main(int argc, char* argv[]) {
   // Add root CA cert for SoundCloud, whose certificate is missing on OS X.
   QSslSocket::addDefaultCaCertificates(
       QSslCertificate::fromPath(":/soundcloud-ca.pem", QSsl::Pem));
+  QSslSocket::addDefaultCaCertificates(
+      QSslCertificate::fromPath(":/Equifax_Secure_Certificate_Authority.pem", QSsl::Pem));
 
   // Has the user forced a different language?
   QString override_language = options.language();